CVE-2025-22868

Unexpected memory consumption during token parsing in golang.org/x/oauth2

Description

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Patch Available

Fix available through Seal Security. 

No upgrade required, protect your application instantly.

Score: 7.5
Severity: High
Ecosystem: GO
Publish Date: February 25, 2025
Modified Date: March 24, 2026
Score Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions